To access a wireless local area network (WLAN) securely, a key can be established to encrypt transmissions between a station and a network portal (NP), authenticator, access point (AP), or other network access device, collectively referred to as “access nodes” within this document. When the station connects to the WLAN, the station and an access node associated with the WLAN can then exchange a sequence of four messages known as the “four-way handshake.” The four-way handshake produces keys unique to the station that are subsequently used to protect transmissions, such as to guarantee confidentiality, source authentication, and message integrity. One example of such a key is a Pairwise Master Key (PMK).
A station can roam from one access node to another. When passing from a first access node to another a “hand-off” can occur, at which time a station changes connection from the first access node to a second access node.
Generation of keys during hand-off, such as in the four-way handshake, typically takes a relatively small amount of time. However, the time can be enough for a station to “drop off” the network. One example of a time-consuming handoff can occur when a station requires a new key. For example, say a station is using a single PMK in a WLAN, and fails to hand off from a first access node to a second access node using the existing key. This can require the creation of a new key. The time required to handle a change in keys from the first access node to the second access node can be long enough that for a period of time, the station is not connected to the network and cannot send and receive data.
Consider a problem involving multiple PMKs. In a network having multiple access nodes, a first access node can authenticate the station using a first PMK and can create keys for use by the station. This PMK can be published to a global cache shared by all access nodes. When roaming to a second access node, the station can attempt to use keys associated with the first PMK as all access nodes can share access to the global cache. The station can attempt to associate with a second access node and, assuming the attempt fails, the access node can create a second PMK and publish the PMK to the global cache for use by the station in transmitting and receiving data with any access node on the network sharing the global credential repository. This creation of PMKs at each access node can be time-consuming and can hamper performance.
Consider a building having network access on multiple floors. A robot rides an elevator between floors, as a person would, and is handed off from access node to access node, e.g. APs, at each floor that the robot visits. The robot receives instructions via a wireless network. As the robot changes from, for example, floor 1 to floor 2, the robot must re-associate with a new access node to continue to receive instructions. At floor 2 the robot must exit and perform a task. There, the elevator doors open for a brief period of time. A delay in authentication causes the robot to fail to exit the elevator prior to the closing of the doors. The elevator proceeds to the next floor, and the delay in network access has caused the robot to fail to perform at least one of its tasks as the robot did not exit the elevator. The problem can repeat itself at each subsequent floor and the task might never be accomplished. The foregoing example illustrates an actual problem experienced with a hospital robot, and is not intended to limit the scope of claimed subject matter to a specific implementation.
The foregoing examples of the related art and limitations related therewith are intended to be illustrative and not exclusive. Other limitations of the related art will become apparent upon a reading of the specification and a study of the drawings.